Tag
medium
advisory
External User Added to Google Workspace Group
2 rules 2 TTPsDetection of an external Google Workspace user account being added to an existing group, potentially indicating an adversary attempting to intercept shared files or emails by adding accounts where the domain name of the target doesn't match the Google Workspace domain.
Google Workspace
google_workspace
initial_access
account_manipulation
2r
2t
medium
advisory
Entra ID Application Credential Modification
3 rules 2 TTPsAn adversary may add unauthorized credentials to an Azure application, enabling persistent access, evading defenses, and escalating privileges by modifying certificates or secrets.
Azure +1
persistence
entra_id
account_manipulation
3r
2t